|
|
|
|
|
|
by malux85
989 days ago
|
|
|
Drop a cookie in their browser and 2FA them if the cookie is not present. It's much less likely the attacker will have the users credentials AND cookies, so this raises the bar for the attacker without annoying the user too much. |
|
|